Smuggle SocialClub's Facebook OAuth Code via Referer Leakage
Medium
Rockstar Games
Team Summary
Official summary from Rockstar Games
In this report, the researcher provided a POC in which they were able to combine two issues to create a condition that potentially could have allowed an attacker to obtain OAuth tokens. One of the issues involved allowing external content to load in our Screenshot Viewer tool; we resolved this issue, which rendered the POC inoperable. We are still working on resolving the other issue, but without the ability to exploit the other issue, the impact is minimal.
Reported by
1hack0
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$750.00
Weakness
Information Disclosure